remote -ssojet

This MCP server integrates SSOJet authentication to guard access to secure MCP tools. After a user signs in through SSOJet, they gain access to the available tools exposed by the server. The current toolset includes a simple calculator-like capability named add, which sums two numbers. Once authenticated, you can connect using an MCP client (for example, the Workers AI LLM Playground or MCP Inspector) and invoke the add tool to perform arithmetic operations. The workflow ensures that only authenticated users can discover and execute tools, aligning with the security posture provided by SSOJet.

To use it, first complete the SSOJet sign-in flow via the MCP client you’re using. After authentication, request tool metadata (e.g., via the MCP protocol) and then call the add tool with two numbers as input. The server will respond with the computed result. If you are testing locally, you can point your client to the local sse endpoint once the server is running and authenticated, enabling you to explore tool availability and responses in real time.

Prerequisites:

• Node.js and npm installed on your machine
• Cloudflare Wrangler for deploying Cloudflare Workers (optional for deployment)
• Access to a Cloudflare KV namespace if you plan to use tokens and session data with KV

Installation steps:

1. Clone the repository or download the project files.
2. Install dependencies: npm install
3. Configure environment variables in a local .dev.vars file (example below): SSOJET_CLIENT_ID=<your_ssojet_client_id> SSOJET_CLIENT_SECRET=<your_ssojet_client_secret> SSOJET_ISSUER=https://<your-tenant>.auth.ssojet.com/v1/ SSOJET_SCOPE="openid profile email" NODE_ENV=development API_BASE_URL=http://localhost:8788
4. Start the MCP server locally: npm run dev
5. (Optional) For deployment to Cloudflare Workers, set up secrets and deploy: wrangler secret put SSOJET_CLIENT_ID wrangler secret put SSOJET_CLIENT_SECRET wrangler secret put SSOJET_ISSUER wrangler secret put SSOJET_SCOPE npm run deploy

Environment variables govern authentication and API access. Ensure your SSOJet application is configured with the correct Client ID, Client Secret, and Issuer URL. The callback URL for local development must be http://localhost:8788/callback. If you encounter tool-not-showing issues, confirm you are authenticated and using the correct endpoint (e.g., /sse for MCP Inspector). The Cloudflare KV namespace is used to store token metadata; ensure it is created and bound properly in wrangler.jsonc. For testing, you can use the MCP Inspector at http://localhost:8788/sse and follow the prompts to authenticate via SSOJet.